I've kept an Exim server which lies about its version in the greeting - 4.50 instead of 4.73 - and does nothing but host an obscure domain that doesn't get any email.
A couple of hours ago it received two connections from an IP address, both attempted to do nefarious things. The first attempted to use the mail server as a web proxy - fairly typical. The second connection 5 seconds later though, looks amazingly like the buffer overflow that was recently brought to light. This is the first time it has ever had an attempt to exploit the server instead of just attempted relaying or dictionary attacks. Yes, it leads a very boring life. There is the possibility that this has become part of some script kiddie exploit kit now so there may be more of these attacks against servers running old versions. Luckily it's not very well written and falls over fairly quickly. -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
